6674 matches found

Cvelist
added 2022/07/28 3:50 p.m. | 15 views

CVE-2022-30320

Saia Burgess Controls SBC PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm. According to FSCT-2022-0063, there is a Saia Burgess Controls SBC PCD S-Bus weak credential hashing scheme issue. The affected components are characterized as: S-Bus 5050/UDP authentication. The...

AI score 6.2 | EPSS 0.00029
Exploits 0 | References 2
CVE
added 2022/07/28 3:50 p.m. | 67 views

CVE-2022-30320

The CVE-2022-30320 entry concerns Saia Burgess Controls (SBC) PCD and its S-Bus authentication over UDP (5050). The root cause is use of a CRC-16 based hash for password verification in the S-Bus write-byte authentication, which is not cryptographically secure. Reported impact is authentication b...

CVSS 4.3 | AI score 5.8 | EPSS 0.00029
Exploits 0 | References 2 | Affected Software 1
NVD
added 2022/07/26 10:15 p.m. | 18 views

CVE-2022-29953

The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality...

CVSS 9.8 | EPSS 0.00402
Exploits 0 | References 2
Prion
added 2022/07/26 10:15 p.m. | 18 views

Hardcoded credentials

The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality...

CVSS 7.5 | AI score 9.3 | EPSS 0.00402
Exploits 0 | References 2 | Affected Software 3
Cvelist
added 2022/07/26 10:11 p.m. | 17 views

CVE-2022-30270

The Motorola ACE1000 RTU through 2022-05-02 has default credentials. It exposes an SSH interface on port 22/TCP. This interface is used for remote maintenance and for SFTP file-transfer operations that are part of engineering software functionality. Access to this interface is controlled by 5...

AI score 9.7 | EPSS 0.00301
Exploits 0 | References 2
Cvelist
added 2022/07/26 9:42 p.m. | 14 views

CVE-2022-29953

The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality...

AI score 9.6 | EPSS 0.00402
Exploits 0 | References 2
Vulnrichment
added 2022/07/26 4:5 a.m. | 10 views

CVE-2020-36290

The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting XSS...

AI score 5.5 | EPSS 0.00459
Exploits 0 | References 1
Github Security Blog
added 2022/07/26 12:1 a.m. | 31 views

set-deep-prop Prototype Pollution

All versions of package set-deep-prop are vulnerable to Prototype Pollution via the main functionality...

CVSS 9.8 | AI score 4.7 | EPSS 0.0041
Exploits 1 | References 3 | Affected Software 1
OSV
added 2022/07/26 12:1 a.m. | 13 views

GHSA-V42Q-78W8-8FCC set-deep-prop Prototype Pollution

All versions of package set-deep-prop are vulnerable to Prototype Pollution via the main functionality...

CVSS 9.8 | AI score 9.5 | EPSS 0.0041
Exploits 1 | References 2
ICS
added 2022/07/26 12:0 a.m. | 88 views

Inductive Automation Ignition

1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Inductive Automation Equipment: Ignition Vulnerability: Improper Restriction of XML External Entity Reference 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...

CVSS 9.8 | AI score 9.6 | EPSS 0.00277
Exploits 0 | References 5
CNNVD
added 2022/07/21 12:0 a.m. | 1 view

Lin CMS Spring Boot Security Vulnerability

Lin CMS Spring Boot is a SpringBoot-based CMS/DMS/Management System development framework from the team at TaleLin. A security vulnerability exists in Lin CMS Spring Boot version v0.2.1, which can be exploited by an attacker to access back-end information and functionality within an application...

CVSS 7.5 | AI score 7.3 | EPSS 0.77891
Exploits 1 | References 3
Prion
added 2022/07/20 5:15 p.m. | 18 views

Design/Logic Flaw

Inclusion of Functionality from Untrusted Control Sphere vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E 10.95.210.01 and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a...

CVSS 4.4 | AI score 8 | EPSS 0.00103
Exploits 0 | References 2 | Affected Software 2
CVE
added 2022/07/18 5:0 p.m. | 69 views

CVE-2021-29788

CVE-2021-29788 affects IBM Engineering Requirements Quality Assistant On-Premises (all versions). A cross-site scripting vulnerability arises from inadequate data validation/output filtering, allowing an attacker to embed arbitrary JavaScript in the Web UI and potentially disclose credentials wit...

CVSS 5.4 | AI score 5.2 | EPSS 0.00235
Exploits 0 | References 2 | Affected Software 1
CNNVD
added 2022/07/16 12:0 a.m. | 1 view

Ambit Technologies iTech Freelancer Script SQL Injection Vulnerability

Ambit Technologies iTech Freelancer Script is a popular and cost-effective solution from Ambit Technologies India for launching your freelancer website. Ambit Technologies Itech Freelancer Script version 5.13 suffers from a security vulnerability that stems from the presence of unknown...

CVSS 9.8 | AI score 8.2 | EPSS 0.0031
Exploits 1 | References 3
CVE
added 2022/07/15 11:40 a.m. | 48 views

CVE-2022-30242

Honeywell Alerton Ascent Control Module (ACM) up to 2022-05-04 is affected by CVE-2022-30242, allowing unauthenticated configuration changes from remote users. The root issue is unprotected remote configuration access that can store altered configuration on the controller and implement it, creati...

CVSS 6.8 | AI score 6.4 | EPSS 0.00111
Exploits 0 | References 3 | Affected Software 1
CNVD
added 2022/07/15 12:0 a.m. | 12 views

Siemens PADS Standard/Plus Viewer Out-of-Bounds Writing Vulnerability (CNVD-2022-51623)

PADS Standard and Standard Plus provide PCB schematic design and layout functionality in an intuitive and easy-to-use environment. An out-of-bounds write vulnerability exists in Siemens PADS Standard/Plus Viewer, which could be exploited by an attacker to execute code in the context of the current...

CVSS 7.8 | AI score 3 | EPSS 0.00418
Exploits 0 | References 1
CNVD
added 2022/07/15 12:0 a.m. | 10 views

Siemens PADS Standard/Plus Viewer Out-of-Bounds Reading Vulnerability (CNVD-2022-51620)

PADS Standard and Standard Plus provide PCB schematic design and layout functionality in an intuitive and easy-to-use environment. An out-of-bounds read vulnerability exists in Siemens PADS Standard/Plus Viewer, which could be exploited by an attacker to execute code in the context of the current...

CVSS 7.8 | AI score 3.2 | EPSS 0.00418
Exploits 0 | References 1
CNVD
added 2022/07/15 12:0 a.m. | 10 views

Siemens PADS Standard/Plus Viewer Out-of-Bounds Reading Vulnerability (CNVD-2022-51619)

PADS Standard and Standard Plus provide PCB schematic design and layout functionality in an intuitive and easy-to-use environment. An out-of-bounds read vulnerability exists in Siemens PADS Standard/Plus Viewer, which could be exploited by an attacker to execute code in the context of the current...

CVSS 7.8 | AI score 3.2 | EPSS 0.00418
Exploits 0 | References 1
CNVD
added 2022/07/15 12:0 a.m. | 19 views

Siemens PADS Standard/Plus Viewer Stack Corruption Vulnerability

PADS Standard and Standard Plus provide PCB schematic design and layout functionality in an intuitive and easy-to-use environment. A stack corruption vulnerability exists in Siemens PADS Standard/Plus Viewer, which can be exploited by an attacker to disclose information in the context of the curre...

CVSS 5.5 | AI score 2.3 | EPSS 0.00226
Exploits 0 | References 1
Veracode
added 2022/07/14 4:7 a.m. | 20 views

Command Injection

codecov is vulnerable to command injection. The vulnerability exists due to the lack of sanitization in the gcov arguments in the main function of init.py, allowing an attacker to inject and execute malicious commands before being provided to the Popen functionality...

CVSS 6.5 | AI score 6.9 | EPSS 0.00317
Exploits 1 | References 3 | Affected Software 1